ISO/IEC TR 29110-3-1:2020

TECHNICAL ISO/IEC TR
REPORT 29110-3-1
Second edition
2020-04
Systems and software engineering —
Lifecycle profiles for Very Small
Entities (VSEs) —
Part 3-1:
Process assessment guidelines
Reference number
©
ISO/IEC 2020
© ISO/IEC 2020
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO/IEC 2020 – All rights reserved

Contents Page
Foreword .iv
Introduction .vi
1 Scope . 1
1.1 Fields of application . 1
1.2 Target audience . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Abbreviated terms . 2
5 Process assessment framework . 3
6 VSE process assessment . 4
6.1 Performing an assessment . 4
6.1.1 General. 4
6.1.2 Assessment inputs . 5
6.1.3 Roles and responsibilities . 5
6.1.4 The assessment process . 5
6.2 Use of the assessment results . 6
6.3 Achievement of a VSE profile . 6
6.4 Application of process assessment models . 6
Annex A (informative) Measurement framework for the assessment of process capability
and VSE profiles . 8
Annex B (informative) Examplar software life cycle process assessment model for Very
Small Entities.21
Annex C (informative) Examplar system life cycle process assessment model for Very Small
Entities .68
Bibliography .99
© ISO/IEC 2020 – All rights reserved iii

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that
are members of ISO or IEC participate in the development of International Standards through
technical committees established by the respective organization to deal with particular fields of
technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other
international organizations, governmental and non-governmental, in liaison with ISO and IEC, also
take part in the work.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for
the different types of document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www .iso .org/ patents) or the IEC
list of patent declarations received (see http:// patents .iec .ch).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www .iso .org/
iso/ foreword .html.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 7, Software and systems engineering.
This second edition cancels and replaces the first edition (ISO/IEC/TR 29110-3-1:2015), which has been
technically revised.
The main changes compared to the previous edition are as follows:
— Annex A has been reworked and split to distinguish measurement framework and exemplar process
assessment model; exemplar process assessment model for system life cycle processes has been added;
— main concepts for VSE profiles, i.e. maturity levels and process capability levels, have been added;
— structure of the process assessment model has been reworked and mapped to VSE profiles and
processes dimensions;
— process assessment indicators description has been reworked;
— software project management and software implementation process base practices indicators
and work product characteristics have been aligned with the latest editions of ISO/IEC 29110-4-1,
ISO/IEC/TR 29110-5-1-2 and ISO/IEC/TR 29110-5-2-1;
— software process performance indicators for organizational profile group have been added;
— software process capability levels and process attributes indicators (PA.1 to PA.4) have been added;
— rules to derive VSE profiles from process capability levels have been added;
— subclauses on conformity of the exemplar process assessment model have been added.
A list of all parts in the ISO/IEC 29110 series can be found on the ISO website.
iv © ISO/IEC 2020 – All rights reserved

Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/ members .html.
© ISO/IEC 2020 – All rights reserved v

Introduction
Very Small Entities (VSEs) around the world are creating valuable products and services. For the
purpose of the ISO/IEC 29110 series, a Very Small Entity (VSE) is an enterprise, an organization, a
department or a project having up to 25 people. Since many VSEs develop and/or maintain system
and software components used in systems, either as independent products or incorporated in larger
systems, recognition of VSEs as suppliers of high quality products is required.
According to the Organization for Economic Co-operation and Development (OECD) SME and
Entrepreneurship Outlook 2019 report, ‘Small and medium-sized enterprises (SMEs) and
entrepreneurship are essential drivers of economic and social well-being. Representing 99 % of all
businesses, generating about 60 % of employment and totalling between 50 % and 60 % of value added
in the OECD area’. The challenge facing OECD governments is to provide a business environment that
supports the competitiveness of this large heterogeneous business population and that promotes a
vibrant entrepreneurial culture.
From studies and surveys conducted, it is clear that the majority of International Standards do not
address the needs of VSEs. Implementation of and conformance with these standards is difficult, if not
impossible. Consequently, VSEs have no, or very limited, ways to be recognized as entities that produce
quality systems/system elements, including software in their domain. Therefore, VSEs are excluded
from some economic activities.
It has been found that VSEs find it difficult to relate International Standards to their business needs
and to justify the effort required to apply standards to their business practices. Most VSEs can neither
afford the resources, in terms of number of employees, expertise, budget and time, nor do they see a
net benefit in establishing over-complex systems or software life cycle processes. To address some of
these difficulties, a set of guides has been developed based on a set of VSE characteristics. The guides
are based on subsets of appropriate standards processes, activities, tasks, and outcomes, referred to as
profiles. The purpose of a profile is to define a subset of International Standards relevant to the VSEs'
context; for example, processes, activities, tasks, and outcomes of ISO/IEC/IEEE 12207 for software;
processes, activities, tasks, and outcomes of ISO/IEC/IEEE 15288 for systems; information products
(documentation) of ISO/IEC/IEEE 15289 for software and systems.
VSEs can achieve recognition through implementing a profile and by being audited against
ISO/IEC 29110 specifications.
The ISO/IEC 29110 series of standards and technical reports can be applied at any phase of system or
software development within a life cycle. This series is intended to be used by VSEs that do not have
experience or expertise in adapting/tailoring ISO/IEC/IEEE 12207 or ISO/IEC/IEEE 15288 standards
to the needs of a specific project. VSEs that have expertise in adapting/tailoring ISO/IEC/IEEE 12207 or
ISO/IEC/IEEE 15288 are encouraged to use those standards instead of the ISO/IEC 29110 series.
The ISO/IEC 29110 series is intended to be used with any lifecycle such as waterfall, iterative,
incremental, evolutionary or agile.
Systems, in the context of the ISO/IEC 29110 series, are typically composed of hardware and software
components.
The ISO/IEC 29110 series, targeted by audience, has been developed to improve system or software
and/or service quality, and process performance. See Table 1.
vi © ISO/IEC 2020 – All rights reserved

Table 1 — ISO/IEC 29110 target audience
ISO/IEC 29110 Title Target audience
ISO/IEC/TR 29110-1 Overview VSEs and their customers, assessors,
standards producers, tool vendors and
methodology vendors.
ISO/IEC 29110-2 Framework for profile prepa- Profile producers, tool vendors and
ration methodology vendors.
Not intended for VSEs.
ISO/IEC 29110-3 Certification and assessment VSEs and their customers, assessors,
guidance accreditation bodies.
ISO/IEC 29110-4 Profile specifications VSEs, customers, standards producers,
tool vendors and methodology vendors.
ISO/IEC/TR 29110-5 Management, engineering and VSEs and their customers.
service delivery guides
ISO/IEC 29110-6 Management and engineering VSEs and their customers.
guides not tied to a specific
profile
ISO/IEC/TR 29110-7 Specific profile guidelines VSEs and their customers.
If a new profile is needed, ISO/IEC 29110-4 and ISO/IEC/TR 29110-5 and ISO/IEC 29110-6 and or
ISO/IEC/TR 29110-7 ISO/IEC/TR 29110-5 can be developed with minimal impact to existing documents.
ISO/IEC/TR 29110-1 defines the terms common to the ISO/IEC 29110 series. It introduces processes,
lifecycle and standardization concepts, the taxonomy (catalogue) of ISO/IEC 29110 profiles and
the ISO/IEC 29110 series. It also introduces the characteristics and needs of a VSE, and clarifies the
rationale for specific profiles, documents, standards and guides.
ISO/IEC 29110-2 introduces the concepts for systems and software engineering profiles for VSEs. It
establishes the logic behind the definition and application of profiles. For standardized profiles, it
specifies the elements common to all profiles (structure, requirements, conformance, assessment). For
domain-specific profiles (profiles that are not standardized and developed outside of the ISO process),
it provides general guidance adapted from the definition of standardized profiles.
ISO/IEC 29110-3 defines certification schemes, assessment guidelines and compliance requirements
for process capability assessment, conformity assessments, and self-assessments for process
improvements. ISO/IEC 29110-3 also contains information that can be useful to developers of
certification and assessment methods and developers of certification and assessment tools.
ISO/IEC 29110-3 is addressed to people who have direct involvement with the assessment process, e.g.
the auditor, certification and accreditation bodies and the sponsor of the audit, who need guidance on
ensuring that the requirements for performing an audit have been met.
ISO/IEC 29110-4-m provides the specification for all profiles in one profile group that are based on
subsets of appropriate standards elements.
ISO/IEC/TR 29110-5-m-n provides management, engineering and service delivery guides for the
profiles in a profile group.
ISO/IEC 29110-6-m provides the specification for specific profiles that are based on subsets of
appropriate standards elements.
ISO/IEC/TR 29110-7-x provides a guide for each profile in the specific profile group.
This document defines the process assessment guidelines needed to meet the purpose of defined VSE
profiles. It is applicable to all VSE profiles and is compatible with ISO/IEC 33002.
© ISO/IEC 2020 – All rights reserved vii

Figure 1 describes the ISO/IEC 29110 series of International Standards (IS) and Technical Reports (TR)
and positions the parts within the framework of reference. Overview, assessment guide, management
and engineering guide are available from ISO as freely available Technical Reports (TR). The Framework
document, profile specifications and certification schemes are published as International Standards (IS).
Figure 1 — The ISO/IEC 29110 series
viii © ISO/IEC 2020 – All rights reserved

TECHNICAL REPORT ISO/IEC TR 29110-3-1:2020(E)
Systems and software engineering — Lifecycle profiles for
Very Small Entities (VSEs) —
Part 3-1:
Process assessment guidelines
1 Scope
1.1 Fields of application
This document defines the process assessment guidelines needed to meet the purpose of defined VSE
profiles. It is applicable to all VSE profiles and is compatible with ISO/IEC 33002.
The possible uses of this document are as follows.
a) Assessment to evaluate the process capabilities. Use when an organization wants an assessment of
profile conformance (basic, etc.) of the implemented processes.
b) Supplier's capability assessment. Use when a customer asks for a third party to conduct an
assessment in order to obtain a profile (basic, etc.) of the implemented process by the system or
software development and maintenance supplier.
1.2 Target audience
The target audience of this document is primarily those who perform or have direct relationship with
process assessments of VSEs. This document also contains information that can be useful to developers
of assessment methods and assessment tools and those requiring additional guidance on the assessmet
process.
This document is addressed to people who have a direct relation with the assessment process based on
the VSE profiles (e.g. the assessors and the sponsor of the assessment) who need guidance on ensuring
that the requirements for performing an assessment have been met.
It is intended that ISO/IEC/TR 29110-1 be read first when initially exploring VSE profile documents.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC/TR 29110-1, Systems and software engineering — Lifecycle profiles for Very Small Entities
(VSEs) — Part 1: Overview
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC/TR 29110-1 and the
following apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at http:// www .iso .org/ obp
© ISO/IEC 2020 – All rights reserved 1

— IEC Electropedia: available at http:// www .electropedia .org/
NOTE In the ISO/IEC 29110 series, to minimize confusion about the term ‘basic’ that is used to mean different
ideas, the term ‘Basic’ with a capital B is used to refer to the Basic profile while the term ‘basic’ is used to mean
forming an essential foundation or starting point (e.g. basic types of work products).
3.1
process profile
set of process attribute ratings for an assessed process
Note 1 to entry: Within the ISO/IEC 29110 series, a profile is defined as “set of one or more base standards
and/or profiles and, where applicable, the identification of chosen classes, conforming subsets, option and
parameters of those base standard, or standardized profiles necessary to accomplish a particular function”
(ISO/IEC/TR 10000-1).
Note 2 to entry: When used unqualified in this document, this is the applicable definition.
[SOURCE: ISO/IEC 33001:2015, 3.2.18, modified — Note 1 to entry and Note 2 to entry have been added.]
3.2
process quality
ability of a process to satisfy stated and implied stakeholder needs when used in a specified context
[SOURCE: ISO/IEC 33001:2015, 3.4.8]
3.3
process quality level
representation of the achieved level of a process quality (3.2) characteristic derived from the process
attribute ratings for an assessed process
[SOURCE: ISO/IEC 33001:2015, 3.4.10, modified — "point on a scale of achievement" has been replaced
with "representation of the achieved level".]
3.4
target process profile
process profile (3.1) specifying which process attributes are required and the rating necessary for each
process attribute for a required process
[SOURCE: ISO/IEC 33001:2015, 3.2.20]
4 Abbreviated terms
BP base practice
OM organizational management
PA process attributes
PAM process assessment model
PMP process management process
PPM project portfolio management
PRM process reference model
RM resource management
VSE Very Small Entity
2 © ISO/IEC 2020 – All rights reserved

5 Process assessment framework
These guidelines apply to VSE process assessments. The assessment, as defined in this document, has
two purposes:
— To evaluate the process capability based on a two-dimensional assessment model containing a
process dimension and the process quality dimension. The process dimension refers to the processes
defined in each VSE profile which are provided by an external process reference model (PRM).
The process quality dimension consists of a Process measurement framework comprising process
quality levels, their associated process attributes, and the rating scale.
— To evaluate whether an organization fulfils the targeted VSE profile based on the evaluated
capabilities for the processes.
For an official recognition, the conformity assessments should be carried out following a process
assessment process satisfying the requirements of ISO/IEC 33002 and described in Clause 6. For self-
assessments emphasizing identification of process improvements, other approaches can be applied
(additional information can be found in other parts of ISO/IEC 29110 specifically dedicated to self-
assessment).
According to ISO/IEC 33001, a process assessment is “a disciplined evaluation of an organizational
unit’s processes against a process assessment model (PAM)”. In this context, the process assessment
model consists of a subset of process purposes and outcomes of a process reference model, and the
process attributes, quality levels and rating scale that are defined in the correspondent process
assessment model. A process reference model is, for instance, ISO/IEC/IEEE 12207 and the applicable
subset is defined in a Specification of a VSE profile, for instance, ISO/IEC 29110-4-1. The applied process
assessment model, always conformant to ISO/IEC 33002, has as its result represented as a set of
process attribute ratings, i.e. a process profile. Figure 2 illustrates the relevant documents and data for
a process applicable to VSE process assessment.
ISO/IEC 33002 sets out the minimum requirements for performing a process assessment that ensure
consistency and repeatability of the ratings. The requirements help to ensure that the process
assessment output is self-consistent and provides evidence to substantiate the ratings and to verify
conformance with the requirements.
Self-assessments are typically performed to identify process improvement opportunities or to check
current status of the organization’s performance. Self-assessments in VSEs are outside the scope of this
document.
© ISO/IEC 2020 – All rights reserved 3

Figure 2 — Elements of VSE process assessment
6 VSE process assessment
6.1 Performing an assessment
6.1.1 General
In performing a process assessment based on the ISO/IEC 29110 series, the requirements expressed
in ISO/IEC 33002 are intended to be satisfied in full. This clause provides additional guidance related
specifically to the process assessment in VSEs.
A process assessment is conducted according to a documented process that is capable of meeting
the process assessment purpose. The key elements of a documented assessment process are closely
tied to the requirements for performing an assessment, defined in ISO/IEC 33002. The documented
assessment process is the set of instructions for conducting the process assessment. A documented
assessment process addresses the following aspects of the conduct of a process assessment:
— incorporate as a minimum, the tasks defined in ISO/IEC 33002;
— identify the classes of process assessment for which the documented assessment process can
be applied and the nature and extent of tailoring associated with each class addressed by the
documented process;
— define the criteria for ensuring coverage for both the defined organizational scope and the defined
process scope for the assessment, in terms of the strategy for collecting and analysing data;
— identify or define the approach to be taken in performing the generation of process attribute ratings,
including (where applicable) the aggregation of observations and/or characterisations across the
elements of the assessment.
4 © ISO/IEC 2020 – All rights reserved

6.1.2 Assessment inputs
Process assessment inputs as specified in ISO/IEC 33002:2015, 4.4 are to be defined. In conducting
process assessments of VSEs based on ISO/IEC 29110-4-1, the following issues are expected.
— The process scope of the process assessment [ISO/IEC 33002:2015, 4.4 (d) (1, 2)] should be
determined by the target VSE profile specified for the process assessment.
— The organizational scope of the process assessment [ISO/IEC 33002:2015, 4.4 (d) (3)] should
typically be the entire VSE; however, where the VSE deploys a small number of clearly distinct
projects or functions, the scope can be limited to a single project or function.
— In defining the process assessment context [ISO/IEC 33002:2015, 4.4 (d) (4)], the process assessment
plan should take into account the VSE business and engineering context and be affordable for a VSE.
— In defining the process assessment constraints [ISO/IEC 33002:2015, 4.4 (g)], the specific nature of
the VSE should be explored to establish constraints on availability of resources or data that might
affect the reliability of the process assessment.
6.1.3 Roles and responsibilities
Typically, the process assessment team for VSE process assessment process consists of at least one
lead assessor or a lead assessor with other assessors. The assessors should be familiar with the VSE
characteristics.
6.1.4 The assessment process
The activities to be performed will be determined by the chosen documented assessment process
tailored as necessary. The documented process for the process assessment of a VSE should address all
of the required activities defined in ISO/IEC 33002:2015, 4.2.
Specific concerns of relevance to process assessment of VSEs include the following.
a) Plan the assessment
Typically, the schedule for process assessment of a VSE will need to take account of the availability
of key resources. The level of resources required for the process assessment should be determined
according to the resources available to the VSE.
b) Collect the data
The strategy for data collection should take account of the nature of the work performed within
the VSE and of the nature of the items of objective evidence that will typically be available. Often,
process assessments in VSEs rely heavily on testimony from performers of the processes; however,
to the best extent possible, the assessors should endeavour to obtain other supporting objective
evidence drawn from the VSE work products.
c) Validate the data
The key issue in data validation in process assessment of a VSE is ensuring that the data collected is
representative of the normal operations of the enterprise.
d) Derive results
In conducting process attribute rating, the assessors should focus on the extent to which the
evidence obtained addresses the processes and process attributes being rated. The requirement
for traceability between the rating and the evidence employed [ISO/IEC 33002:2015, 4.2.1 e) 1)] is
relevant here.
© ISO/IEC 2020 – All rights reserved 5

e) Report the assessment
The assessors should ensure that the report to the sponsor of the process assessment covers the
full scope of the VSE profile employed in the process assessment.
6.2 Use of the assessment results
The process assessment results can be used to:
a) evaluate the process quality levels of an organization;
b) determine the improvement opportunities, in order to enhance the organization’s ability to meet
its business goals by improving efficiency and quality of its products and services. The findings can
be used as a base to perform the improvement plan;
c) benchmark the process quality levels with other organizations in the market;
d) select a supplier based on the supplier’s quality level assessment.
6.3 Achievement of a VSE profile
This subclause provides guidance on how to determine whether an organization fulfils a VSE profile.
The determination is based on the evaluated quality levels for the processes within each VSE profile.
ISO/IEC 29110-4-1 defines the conformance requirements.
The requirements for the VSE profiles are defined in ISO/IEC 29110-4-1. The corresponding quality
levels to be evaluated for each VSE profile can be derived from the respective parts of ISO/IEC 29110-4-1.
At minimum, all mandatory elements of the VSE profile, as defined in ISO/IEC 29110-4-1, are the ones to
be considered in the process assessment.
For example, the achievement of the software Basic profile, implies that the assessed processes achieve
quality level one as defined in Annex A. This means that the implemented process achieves its process
purpose and its defined outcomes. For example, for the Generic Basic profile for software, the applicable
process purposes are documented in ISO/IEC 29110-4-1 (process reference model for the Basic profile):
— Project management process;
— Software implementation process.
NOTE Process reference models are now to be contained in ISO/IEC 29110-4-1.
The related outcomes of the process reference model are documented in Annex A (supported by
ISO/IEC/TR 29110-5–1–2 under the process-specific objectives). A detailed mapping of the VSE profile
process elements to ISO/IEC/IEEE 15288, ISO/IEC/IEEE 12207, and other base standards are provided
in ISO/IEC 29110-4-1.
6.4 Application of process assessment models
Use of ISO/IEC 33004 compliant process assessment model (PAM) ensures that the process assessment
results are comparable, reliable, and repeatable. The assessor should confirm that the applied PAM is
suitable for assessing the process capability in the context of VSEs.
The applied PAM should have a set of indicators that address the process purpose and outcomes, and
demonstrate the achievement of the required capability level.
ISO/IEC 29110-4-1 Specifications for VSE profiles document a detailed mapping of process elements
between ISO/IEC 29110-5-m-n and the process reference model in of ISO/IEC 29110-4-1, respectively.
A VSE-specific PAM can be derived by selecting those process assessment indicators relevant to the
corresponding process outcomes defined in ISO/IEC 29110-4-1.
6 © ISO/IEC 2020 – All rights reserved

Two examplars of PAMs are provided in Annex B and Annex C, respectively.
Annex A presents two main process assessment aspects for the assessment of VSE software related
processes: a) the measuremment framework, and b) the principles of VSE maturity model (i.e. VSE
profiles achievement rules).
Annex B presents the software process assessment model for the assessment of the processes of
Software development VSEs, as defined in ISO/IEC 29110-4-1 and ISO/IEC 29110-5-2-1 (Basic profile
processes for software and the organizational profile processes respectively). It also details the VSE
maturity model specific for the software development VSEs.
Annex C presents the same two process assessment aspects as in Annex B but for the assessment of VSE
system related processes
Each main aspect above is accompanied by their compliancy verification section towards their
applicable requirements defined in ISO/IEC 330xx standards, respectively within each annex.
© ISO/IEC 2020 – All rights reserved 7

Annex A
(informative)
Measurement framework for the assessment of process capability
and VSE profiles
NOTE The statements using the verbal form "shall" in this annex are copied from the applicable standards
and do not constitute requirements of this document.
A.1 Structure of the annex and overview
This annex provides the measurement framework for the evaluation of the process quality attributes of
the processes defined in the ISO/IEC 29110 series for VSEs.
This annex sets out the measurement framework that may be used in the assessment of process
capability and VSE profiles for Very Small Entities developing software. The requirements for process
capability and VSE profile scales defined in this annex form a structure which:
a) facilitates self-assessment;
b) provides a basis for use in process improvement and capability determination;
c) takes into account the context in which the assessed process is implemented;
d) produces a process capability scale;
e) is applicable across all application domains and mainly for a VSE;
f) may provide an objective benchmark between organizations.
The capability of a process to perform at a specific level of performance depends on well established
principles. A.2 sets out those principles that are common to all domains. The process capability
measurement framework described in this annex is expressed in terms of a set of process attributes.
Each process attribute is defined in terms of a set of process attribute outcomes which can be evaluated
to indicate the extent of achievement of the process attribute. The process attributes are organized into
process capability levels, ranging from Incomplete (in which the process does not achieve its defined
process outcomes) to Aligned (in which the process implemented aligned to the organizational business
goals as well as ensuring customer satisfaction).
The result of an assessment, using a process assessment model that incorporates this process
measurement framework, will be a set of process profiles, ratings of the achievement of the set of
process attributes for each process in the scope of the assessment. The result can also be expressed
in terms of the capability level ratings achieved for each process in the assessment scope. A capability
level rating does not guarantee that an organization will perform its processes at any given process
capability level, simply that it is capable of performing its processes at that level, at the time of the
assessment.
This annex also presents the main concepts for VSE profiles, maturity levels within the ISO/IEC 29110
profiles for VSE.
8 © ISO/IEC 2020 – All rights reserved

A.2 Measurement framework for the assessment of process capability for
processes for VSEs
A.2.1 General
This subclause defines a measurement framework for the assessment of process capability. The
measurement framework provides a schema for use in characterizing the capability of an implemented
process with respect to a process assessment model.
Within this process measurement framework, the measure of capability is based upon a set of process
attributes (PA). Each attribute defines a measurable property of process capability. The extent of
process attribute achievement is characterised on a defined rating scale. The process capability level
for an assessed process is derived from the set of process attribute ratings represented in the process
profile.
Process attributes are defined in such a way that they can be rated independently of one another;
there can be other relationships between them, e.g. the achievement of one process attribute may
be associated with the achievement of another process attribute within the process measurement
framework.
A.2.2 Process capability levels and process attributes
Process capability is defined on a four point ordinal scale that enables capability to be assessed from
the bottom of the scale, Incomplete, through to the top end of the scale, Aligned. The scale represents
increasing capability of the implemented process, from failing to achieve the process purpose through
to aligning to the organizational business goals as well as ensuring customer satisfaction.
Table A.1 — Capability levels and process attributes
Capability levels Process attribute ID
Level 0: Incomplete process
Level ALPHA: Performed process PA.1 Process performance
Level BETA: Articulated Process PA.2 Management of resources
PA.3 Defined process
Level GAMMA: Aligned Process PA.4 Process alignment
a) Level 0: Incomplete process
The process is not implemented or fails to achieve its process purpose.
At this level, there is little or no evidence of any systematic achievement of the process purpose.
b) Level ALPHA: Performed process
The implemented process achieves its process purpose. The following attribute of the process
demonstrates the achievement of this level:
PA.1 Process performance attribute
The process performance attribute is a measure of the extent to which the process purpose is
achieved. As a result of full achievement of this attribute, the process achieves its defined outcomes.
c) Level BETA: Articulated process
The previously described Performed process is now implemented in a managed fashion (resources
managed) and it follows a monitored defined process.
The following attributes of the process, together with the previously defined attribute, demonstrate
the achievement of this level:
© ISO/IEC 2020 – All rights reserved 9

1) PA.2 Management of resources attribute
The management of resources attribute is a measure of the extent to which the organizational
resources are used for the performance of the process. As a result of full achievement of this
attribute:
— performance of the process is planned and monitored;
— resource needs for the performance of the process are identified;
— responsibilities and authorities for performing the process are assigned and communicated;
— resources and information necessary for performing the process are made available,
allocated and used;
— interfaces bet ween the involved parties are managed to ensure both effective communication
and clear assignment of responsibility.
2) PA.3 Defined process attribute
The defined process attribute is a measure of the extent to which the organizational process
is defined and used for the performance of the process. As a result of full achievement of this
attribute:
— a standard process, including appropriate tailoring guidelines, is defined that describes
the fundamental elements that must be incorporated into a defined process, including
competencies and roles and infrastructure;
— the defined process is deployed based upon an appropriately selected and/or tailored
standard process, including the use of the standard competencies and roles and
infrastructure;
— suitable methods for monitoring the effectiveness and suitability of the process are
determined;
— appropriate data are collected and analyzed as a basis for understanding the behaviour of
and to demonstrate the suitability and effectiveness of the process, and to evaluate how the
process is performed and where continuous improvement of the process can be made.
d) Level GAMMA: Aligned process
The previously described Articulated process is now implemented aligned to the organizational
business goals, as well as ensuring customer satisfaction.
The following attributes of the process, together with the previously defined attribute, demonstrate
the achievement of this level:
PA.4 Process alignment attribute
The process alignment attribute is a measure of the extent to which the process is maintained
aligned to the organization business objectives. As a result of full achievement of this attribute:
— process information needs and objectives (quantitative and qualitative) in support of relevant
business goals are established;
— results of measurement are collected, analyzed and reported in order to monitor the extent to
which the quantitative objectives for process performance are met;
— corrective actions are taken to address deviations from objectives defined.
10 © ISO/IEC 2020 – All rights reserved

A.2.3 Process attribute rating scale
Within this process measurement framework, a process attribute is a measureable property of process
capability. A process attribute rating is a judgement of the degree of achievement of the process
attribute for the assessed process.
A process attribute is measured using an ordinal scale as defined below.
— N Not achieved:
There is little or no evidence of achievement of the defined process attribute in the assessed
process.
— P Partially achieved:
There is some evidence of an approach to, and some achievement of, the defined process attribute in
the assessed process. Some aspects of achievement of the process attribute may be unpredictable.
— L Largely achieved:
There is evidence of a systematic approach to, and significant achievement of, the defined process
attribute in the assessed process. Some weaknesses related to this process attribute may exist in
the assessed process.
— C Completely achieved:
There is evidence of a complete and systematic approach to, and full achievement of, the defined
process attribute in the assessed process. No significant weaknesses related to this process
attribute exist in the assessed process.
The ordinal scale defined above is represented in terms of percentage achievement of a process
attribute.
The corresponding percentages are:
N Not achieved 0 % to ≤15 % achievement
P Partially achieved >15 % to ≤50 % achievement
L Largely achieved >50 % to ≤90 % achievement
C Completely achieved >90 % to ≤100 % achievement
A.2.4 Process attribute rating method
A process outcome is the observable result of successful achievement of the process purpose.
A process attribute outcome is the observable result of achievement of a specified process attribute.
Process outcomes and process attribute outcomes may be characterised as an intermediate step to
providing a process attribute rating.
When performing rating, the rating method employed being relevant to the class of assessment, that
for VSE process assessments is of R3 (as defined in ISO/IEC 33020), where the process attribute rating
across assessed process instances are made without aggregation.
A.2.5 Process capability level model
The process capability level achieved by a process is derived from the process attribute ratings for that
process according to the process capability level model defined in Table A.2.
© ISO/IEC 2020 – All rights reserved 11

Table A.2 — Process capability level ratings
Scale Process attributes Rating
Level ALPHA PA 1 Process performance Completely
Level BETA PA 1 Process performance Completely
PA.2 Management of resources Completely
PA.3 Defined process Complete
...